CVE-2011-0989

CWE-2645 documents5 sources
Severity
5.8MEDIUM
EPSS
1.0%
top 23.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Moonlight
Timeline
PublishedApr 13
Latest updateMay 17

Description

The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDnovell/moonlight6 versions+5

Patches

Patch: openwall.comPatch: bugzilla.novell.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-35v8-x66v-gw3q: The RuntimeHelpers2022-05-17
CVEList
CVE-2011-0989: The RuntimeHelpers2011-04-13

📋Vendor Advisories

1
Debian
CVE-2011-0989: mono - The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moon...2011

💬Community

1
Bugzilla
CVE-2011-0989 CVE-2011-0990 CVE-2011-0991 CVE-2011-0992 mono: multiple vulnerabilities fixed in 2.4.1/3.99.32011-04-08
CVE-2011-0989 (MEDIUM CVSS 5.8) | The RuntimeHelpers.InitializeArray | cvebase.io